- c
Insider Threat Test Dataset
- kilthub.cmu.edu
txtUpdated May 30, 2023+ more versions
Share
Facebook
Twitter
EmailClick to copy linkLink copiedCiteBrian Lindauer (2023). Insider Threat Test Dataset [Dataset]. http://doi.org/10.1184/R1/12841247.v1txtAvailable download formatsUnique identifierhttps://doi.org/10.1184/R1/12841247.v1Dataset updatedMay 30, 2023Dataset provided byCarnegie Mellon UniversityAuthorsBrian LindauerLicenseAttribution 4.0 (CC BY 4.0)https://creativecommons.org/licenses/by/4.0/
License information was derived automaticallyDescriptionThe Insider Threat Test Dataset is a collection of synthetic insider threat test datasets that provide both background and malicious actor synthetic data.The CERT Division, in partnership with ExactData, LLC, and under sponsorship from DARPA I2O, generated a collection of synthetic insider threat test datasets. These datasets provide both synthetic background data and data from synthetic malicious actors.For more background on this data, please see the paper, Bridging the Gap: A Pragmatic Approach to Generating Insider Threat Data.Datasets are organized according to the data generator release that created them. Most releases include multiple datasets (e.g., r3.1 and r3.2). Generally, later releases include a superset of the data generation functionality of earlier releases. Each dataset file contains a readme file that provides detailed notes about the features of that release.The answer key file answers.tar.bz2 contains the details of the malicious activity included in each dataset, including descriptions of the scenarios enacted and the identifiers of the synthetic users involved.
CERT Insider threat
- kaggle.com
Updated Oct 6, 2019ShareFacebookTwitterEmailClick to copy linkLink copiedCiteNitisha (2019). CERT Insider threat [Dataset]. https://www.kaggle.com/datasets/nitishabharathi/cert-insider-threat/discussionCroissantCroissant is a format for machine-learning datasets. Learn more about this at mlcommons.org/croissant.Dataset updatedOct 6, 2019AuthorsNitishaDescriptionDataset
This dataset was created by Nitisha
Contents
System for Prediction and Early Detection of Insider Attacks (SPEDIA)...
- zenodo.org
csvUpdated May 29, 2025+ more versionsShareFacebookTwitterEmailClick to copy linkLink copiedCiteDavid Álvarez; David Álvarez; Luis Pérez; Luis Pérez; Alberto Mateo; Alberto Mateo; Xavier Larriva-novo; Xavier Larriva-novo; Manuel Álvarez-Campana; Manuel Álvarez-Campana; Víctor A. Villagra; Víctor A. Villagra (2025). System for Prediction and Early Detection of Insider Attacks (SPEDIA) Dataset [Dataset]. http://doi.org/10.5281/zenodo.15525713csvAvailable download formatsUnique identifierhttps://doi.org/10.5281/zenodo.15525713Dataset updatedMay 29, 2025AuthorsDavid Álvarez; David Álvarez; Luis Pérez; Luis Pérez; Alberto Mateo; Alberto Mateo; Xavier Larriva-novo; Xavier Larriva-novo; Manuel Álvarez-Campana; Manuel Álvarez-Campana; Víctor A. Villagra; Víctor A. VillagraLicenseAttribution 4.0 (CC BY 4.0)https://creativecommons.org/licenses/by/4.0/
License information was derived automaticallyDescriptionThe SPEDIA dataset was developed as part of an academic cybersecurity project focused on insider threat detection and analysis. It was generated through a 30-day cyber exercise in which real users with technical backgrounds performed realistic insider attacks based on the MITRE ATT&CK framework.
The dataset integrates data from three sources:
-
Malicious activity performed by real participants during the cyber exercise.
-
Non-malicious activity simulated via a role-based behavioral model.
-
Synthetic events derived from the CERT Insider Threat dataset.
The dataset includes over 20 fields per event, capturing rich information such as SSH and FTP connections, command execution, HTTP and email activity, file modifications, and more. It features a balanced distribution of malicious and non-malicious events, making it suitable for training supervised anomaly detection models.
Applications:
-
Training and evaluation of insider threat detection models.
-
Behavioral analysis of users in controlled network environments.
-
Validation of incident response and risk assessment tools.
Format: CSV (cleaned version, with 25 key columns)
Not seeing a result you expected?
Learn how you can add new datasets to our index.
FacebookTwitterEmailInsider Threat Test Dataset
Attribution 4.0 (CC BY 4.0)https://creativecommons.org/licenses/by/4.0/
License information was derived automatically
The Insider Threat Test Dataset is a collection of synthetic insider threat test datasets that provide both background and malicious actor synthetic data.The CERT Division, in partnership with ExactData, LLC, and under sponsorship from DARPA I2O, generated a collection of synthetic insider threat test datasets. These datasets provide both synthetic background data and data from synthetic malicious actors.For more background on this data, please see the paper, Bridging the Gap: A Pragmatic Approach to Generating Insider Threat Data.Datasets are organized according to the data generator release that created them. Most releases include multiple datasets (e.g., r3.1 and r3.2). Generally, later releases include a superset of the data generation functionality of earlier releases. Each dataset file contains a readme file that provides detailed notes about the features of that release.The answer key file answers.tar.bz2 contains the details of the malicious activity included in each dataset, including descriptions of the scenarios enacted and the identifiers of the synthetic users involved.